
ICTNWK505 | Assessment 5 Lab Active Directory | IT


1. Environment preparation

In this lab you will use one Windows Server 2016 VM and two Windows 10 VMs. 

• You may continue to use the VM W99-Win10-Pro-1 but you will need to reconfigure the logical network settings.

• You will have to set up and configure the VM W99-Win10-Pro-2 as outlined further down.

• You will have to set up and configure the VM W99-Win2016-Full-2-DE-Eval as outlined in the next section. 

• Before proceeding with this assessment, the server W99-SERVER1 should be shut down, or at the very least the ‘DHCP Server’ stopped. Do not remove this VM as it will be needed later. 

2. Server preparation

You will create a VM using an existing prebuilt image and configure it as a DHCP server. 

• Using your copy of the prebuilt Windows Server 2016 virtual disk create a new Windows Server 2016 VM and configure it according to the following specification:

• In VirtualBox Machine Manager in the left pane select W99-Win2016-Full-2-DE-Eval and in the right pane make sure the ‘Details’ view is selected. This will show a summary of the VM's configuration details.  

• Sign in as w99-admin and complete all remaining work using this account  

• Open PowerShell and issue the command that will show the full configuration information for the network adapters on W99-SERVER2-DC. If required, expand the screen to make all settings visible in the window. 

3. Windows 10 Client 

• Using the specification below create a new VirtualBox VM using your copy of the virtual disk file W99-Win10-Pro-2.vdi.

• Start the W99-Win10-Pro-2 VM and complete the computer configuration using the specification below.

• On W99-CLIENT2 enable ‘Remote Desktop’ connections (for all connections) and allow incoming and outgoing ping requests.

• Confirm that W99-CLIENT2 and W99-SERVER2-DC can ping each other. If required, resolve any communication issues. 

• Open PowerShell on W99-CLIENT2 and issue the command sequence:

hostname ; ping

4. Install Active Directory

• Installing AD on a server is a two-step process:

  o In the first step the required software components are installed on the server

  o In the second step, AD is configured (forest, domain, DNS) and the server is promoted to become a Domain Controller (DC). 

• Using Server Manager add the ‘Active Directory Domain Services’ (ADDS) role and the DNS role on W99-SERVER2-DC. When prompted to install required features, select ‘Add Features’. Leave all other settings in the ‘Add Roles and Features Wizard’ unchanged. Note that W99-SERVER2-DC will act as a DNS server on your network. 

• After the successful completion of the ‘Add Roles and Features Wizard’, click on the ‘Notifications’ icon (yellow triangle with exclamation mark) to continue with the ‘Post-deployment Configuration’. 

• Click on ‘Promote this server to a domain controller’ to start the ‘Active Directory Domain Services Configuration Wizard’. In the wizard you will have to make several choices and provide the required AD configuration information. Complete the AD configuration using the table below:

• Once the server has rebooted sign in as W99\Administrator. Be aware that the security context of the Administrator account is now the AD domain and not the ‘local computer’.  

• Several new management consoles become available once ADDS is installed. To confirm that the server is operational, open ‘Active Directory Users and Computers’ (ADUC). In the left pane select the ‘Domain Controllers’ container and check that W99-SERVER2-DC is shown in the right pane.

• In the left pane click on the Users container, in the right pane double-click on the ‘w99-admin’ and add user w99-admin to the ‘Domain Admins’ and the ‘Enterprise Admins’ groups. 

• Sign out and sign in again as W99\w99-admin. All remaining work that requires administrative privileges in the AD domain is to be done with this account. 

• In the ‘Windows Administrative Tools’ open DNS management to check that the AD specific Forward Lookup Zone (FLZ) _msdcs was added to the server. 

• Select _msdcs.w99.local in the left pane to make the zone entries visible in the right pane. 

• Create the Reverse Lookup Zone (RLZ) for your subnet. You can keep all default settings suggested by the wizard. 

• Open ‘Active Directory Sites and Services’ (ADSS), right-click on ‘Subnets’ and select ‘New subnet…’ 

• In the ‘Prefix:’ field enter the subnet that W99-SERVER2-DC resides on using CIDR notation. 

5. Design and Deploy DHCP Service

You will continue to work on VM W99-Win2016-Full-2-DE-Eval.

• You have to plan your DHCP deployment before you actually install DHCP. As part of this process you will create a specification for the DHCP service by completing/populating the table below. All settings marked as ‘mandatory’ must be provided. Depending on the choices you make for ‘mandatory’ settings, additional settings may also be needed (marked as ‘optional’). Make sure your proposed ‘DHCP Options’ are in line with the settings you used or configured in the previous sections (e.g. subnet, subnet mask, router, etc.). Consult with your peers or your teacher if you require further clarification of the requirements. 

• On W99-SERVER2-DC add the DHCP Server role and complete the ‘Add Roles and Features Wizard’. 

• In ‘Server Manager’ click on the notification icon (yellow triangle with exclamation mark) and select the ‘Complete DHCP configuration’.  Complete the ‘DHCP Post-Install configuration wizard’ using the defaults provided. This will authorize the DHCP server in AD. 

• Open DHCP management and create the IPv4 scope using your above design specification. 

Note: Your DHCP settings must match the specification in your design. If you find you need to change settings (e.g. because you made an error), make sure to also modify corresponding values in the table above. 

• Make sure the scope you created is active (no IPv4 addresses will otherwise be allocated to clients). 

Switch to VM W99-Win10-Pro-2

• Sign in to W99-CLIENT2 using the local Administrator account. You are now to confirm that the DHCP server can successfully allocate network settings to clients. 

• On W99-CLIENT2 change the network adapter to ‘Obtain an IP address automatically’ and to ‘Obtain DNS server address automatically’.

• When/If prompted for the PC to be discoverable on the network select ‘Yes’.

• Open PowerShell on W99-CLIENT2 with ‘Run as administrator’ and issue the command that will show the full configuration information for the network adapters. If required, expand the screen to make all settings visible in the window. 

• If W99-CLIENT2 has an APIPA address assigned, you must resolve the communication issues before proceeding any further (issues may be network related, DHCP server related or both). 

Switch to VM W99-Win10-Pro-1

• Start W99-CLIENT1 and change the network adapter IPv4 address to:

  o ‘Obtain an IP address automatically’ 

  o ‘Obtain DNS server address automatically’.

• When/If prompted for the PC to be discoverable on the network select ‘Yes’.

• On W99-CLIENT1 confirm that you can ping W99-CLIENT2 and W99-SERVER2-DC.

6. Join Computers to the Active Directory Domain

In the previous steps, you prepared the AD environment, enabled clients on the network to receive IP addresses automatically and you verified that the server and clients can successfully communicate. 

In order to participate in AD, a computer needs to join the AD domain. Note that some Windows versions, e.g. Windows 10 Home Edition, cannot be joined to AD. 

• On W99-CLIENT2, proceed as you would when changing the computer name (Control Panel / System / Advanced system settings). However, in the ‘Computer Name/Domain Changes’ window go to the ‘Member of’ area and select ‘Domain:’  

• As domain specify:  w99.local and click on ‘OK’.

• You will be prompted to provide credentials for an AD account with permissions to join computers to the w99.local domain. Provide the credentials you used when you signed in on W99-SERVER2-DC. 

• Accept the welcome screens and when prompted reboot W99-CLIENT2. When a ‘standalone’ system joins to the AD domain, it becomes a ‘domain member’. This allows administrators of the domain to manage and configure the computer (check members of the local Administrators group on W99-CLIENT2). 

• When the login screen re-appears select ‘Other user’. Notice that the login screen now shows ‘Sign in to: W99’.

• Sign in on W99-CLIENT2 using the AD w99-admin account. Note that this account was unknown on W99-CLIENT2 until the computer joined the domain. 

• Open ‘Computer Management / Local Users and Groups / Users’ and confirm that there is no local w99-admin account listed. 

• In ‘Local Users and Groups’ open the Administrators group and add ‘Domain Users’ as a member. Note that this is not best practice and should not be done on production workstations. 

• Repeat the above steps to join W99-CLIENT1 to the AD domain and then also modify the local Administrators group to include the ‘Domain Users’ group. 
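Adding ‘Domain Users’ to the local Administrators group makes every domain account an administrator of that workstation. The following added example (not part of the original lab sheet) lists the members of the local Administrators group and flags broad groups by SID; the list of groups treated as "broad" and the function name are assumptions made for this illustration.

```powershell
# Added example: flag broad groups in the local Administrators group.
# Run on W99-CLIENT1 / W99-CLIENT2 in an elevated PowerShell prompt.

# Well-known SIDs that represent very large sets of accounts (assumed list).
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
# Domain groups are matched by the relative ID (RID) at the end of the SID.
$broadRids = @{
    '513' = 'Domain Users'
    '515' = 'Domain Computers'
}

function Test-BroadAdminMember {
    param([Parameter(Mandatory)][string]$Sid)
    if ($broadSids.ContainsKey($Sid)) { return $broadSids[$Sid] }
    if ($Sid -match '^S-1-5-21-\d+-\d+-\d+-(\d+)$' -and
        $broadRids.ContainsKey($Matches[1])) {
        return $broadRids[$Matches[1]]
    }
    return $null   # not one of the broad groups listed above
}

Get-LocalGroupMember -Group 'Administrators' | ForEach-Object {
    $hit = Test-BroadAdminMember -Sid $_.SID.Value
    [pscustomobject]@{
        Member     = $_.Name
        Source     = $_.PrincipalSource
        BroadGroup = $hit
        Finding    = [bool]$hit
    }
} | Format-Table -AutoSize
```

After the lab step above, the row for W99\Domain Users shows Finding = True; on a production workstation that row should not exist.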

Switch to VM W99-Win2016-Full-2-DE-Eval

You are now to confirm on the DC that the two client computers have successfully joined the w99.local domain. 

• Open ADUC and in the left pane select the ‘Computers’ container. Computers joining the domain are placed in this container by default (unless specified otherwise) and will be listed in the left pane. 

7. Create the Company Structure in Active Directory 

One of the first steps when setting up AD is to create Organizational Units (OU). The OU structure typically reflects the needs of the organisation in regard to the management and administration of users, groups, computers and printers. OUs serve as groupings of user created objects to which Group Policies (GP) may be applied. GPs comprise rules and actions that may be applied to groupings of objects, e.g. objects grouped in an OU. 

The ADUC default containers hold objects created by the system. GPs generally cannot be applied to these default containers. As a rule of thumb: 

• The initial system-created objects located in default containers should not be moved, unless absolutely necessary. 

• Whenever possible, objects created by users (system administrators) should not be placed in default containers. Instead they should be placed/moved to OUs.  Most common examples of such objects are users and computers. 

This approach makes troubleshooting easier and ensures that user-created objects can be successfully targeted by GPs. 

You are to create your lab OU structure and accounts based on the following specification (instructions are provided further down):

• To create objects, open ADUC, right-click on the parent container/OU, select ‘New’ and select the required object type. To move an object within the AD structure, right-click the object, click on ‘Move’ and select the new target location. 

• First create the OUs and groups according to the specification above. 

• Then move w99-admin to the designated OU and create the remaining three users according to the specification.  

• Open a PowerShell prompt with ‘Run as administrator’ and issue the three commands shown below (replace W99 with your own values). Make sure each of the commands is executed as a single line. If required, expand the screen to make all results visible in the window. 

Get-ADObject -Filter { ObjectClass -eq 'organizationalunit' } | Where-Object {$_.Name -Like "W99*"}  | Select Name,DistinguishedName | Sort-Object Name

Get-ADGroup -Filter {GroupScope -eq "Global"} | Where-Object {$_.Name -Like "W99*"} | Select Name,DistinguishedName

Get-ADUser -Filter {ObjectClass -eq 'user'} | Where-Object {$_.Name -Like "W99*"}  | Select Name,DistinguishedName | Sort-Object Name

8. Controlling User Access to Network

Access to the network, to computers and the login times are controlled via the user account properties in ADUC. 


• Confirm that you can successfully sign in as w99-user1 and then sign out. If you were not able to sign in, resolve the issue before proceeding any further.

Switch to W99-SERVER2-DC:

• Open ADUC and navigate to the w99-user1 account

• Right-click on the account and select ‘Disable Account’

Switch to W99-CLIENT1:

• Attempt to sign in as w99-user1. If you are able to sign in, you have made an error. Resolve the issue before proceeding any further.

Switch to W99-SERVER2-DC:

• In ADUC right-click on w99-user1 and select ‘Enable Account’

• Open the properties of w99-user1 account, select the ‘Account’ tab and click on ‘Log On To…’

• Click on ‘The following computers’, in the ‘Computer name’ field type W99-CLIENT1, click on ‘Add’ and accept the modified account settings. 

Switch to W99-CLIENT1:

• Confirm that you can now sign in again on W99-CLIENT1. If you cannot sign in, resolve the issue before proceeding any further. 

Switch to W99-CLIENT2:

• Attempt to sign in as w99-user1. If you are able to sign in, you have made an error. Resolve the issue before proceeding any further.

Switch to W99-SERVER2:

• Remove the ‘Logon Workstation’ restrictions from the w99-user1 account in ADUC.
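The two account controls used in this section (‘Disable Account’ and ‘Log On To…’) can be read back from AD to predict the sign-in result before switching to a client. The following is an added example, not part of the original lab sheet; the function name Test-LogonAllowed is an assumption, and it evaluates only these two properties (not logon hours, lockout, expiry or password state).

```powershell
# Added example: predict whether an account may sign in on a given computer,
# based on the 'Enabled' flag and the 'Log On To' list stored in AD.
# Run on W99-SERVER2-DC (requires the ActiveDirectory module).
Import-Module ActiveDirectory

function Test-LogonAllowed {
    param(
        [Parameter(Mandatory)][string]$Identity,
        [Parameter(Mandatory)][string]$Computer
    )
    $user = Get-ADUser -Identity $Identity -Properties LogonWorkstations

    # LogonWorkstations is a comma-separated string; empty means "all computers".
    $allowed = @()
    if ($user.LogonWorkstations) {
        $allowed = @($user.LogonWorkstations -split ',' |
                     ForEach-Object { $_.Trim() })
    }

    if (-not $user.Enabled) {
        $reason = 'account disabled'
    } elseif ($allowed.Count -gt 0 -and $allowed -notcontains $Computer) {
        $reason = "computer not in 'Log On To' list"
    } else {
        $reason = 'no account restriction applies'
    }

    [pscustomobject]@{
        User     = $user.SamAccountName
        Computer = $Computer
        Allowed  = ($reason -eq 'no account restriction applies')
        Reason   = $reason
        LogOnTo  = $allowed -join ','
    }
}

# Check both lab clients after each change made in ADUC.
foreach ($pc in 'W99-CLIENT1', 'W99-CLIENT2') {
    Test-LogonAllowed -Identity 'w99-user1' -Computer $pc
}
```

With the ‘Log On To’ restriction in place the W99-CLIENT2 row reports Allowed = False; after the final step of this section both rows report True.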

9. Home Folders and Quota

Users on a network are usually given access to dedicated network storage resources (folders) not accessible or visible to other users. These dedicated ‘private’ folders are called ‘Home Folders’. Quota management may be used to control the amount of space users can store in home folders (and other parts of the storage environment). Quota management forms part of the File Server Resource Manager (FSRM). In this exercise you will configure Home Folders and Quota Management.

• Sign in on W99-SERVER2-DC as w99-admin. 

• Check whether the ‘File Server’ sub-role is installed (the ‘File Server’ role is part of the ‘File and Storage Services’ role). If it is not installed, install it. 

• Open ‘Network and Sharing Center / Advanced sharing settings’, turn on ‘Network Discovery’ for the Domain profile and save the settings.

• Open a Powershell prompt with ‘Run as administrator’ and add the FSRM feature by issuing the command:

Install-WindowsFeature -Name FS-Resource-Manager -IncludeManagementTools

• Open ‘Windows Explorer’ and create the folder C:\W99-Home

• Modify the properties of the C:\W99-Home folder as follows:

o In the advanced security settings disable inheritance and convert inherited permissions into explicit permissions on the object.

o In the security tab edit ‘Group or user names:’ and remove the ‘Users’ group from the NTFS permissions list.

o Using the ‘Advanced sharing’ settings, enable sharing. Keep the default share name and make the share a hidden share (to find out how to make a Windows share a hidden share check the Internet).

o In share permissions add the group ‘Domain Users’ with full control and remove the ‘Everyone’ group.

• Start ADUC, open the properties of w99-user1 and select the ‘Profile’ tab

o In the ‘Home folder’ section click on ‘Connect’ and select the drive letter H: in the drop-down list.

o In the ‘To:’ field specify the path to the shared home folder using the syntax of the Universal Naming Convention (UNC): 


Note that ‘\\W99-SERVER2-DC\W99-Home$’ is the name of the share you have just created and ‘%USERNAME%’ is a placeholder that will be automatically resolved by ADUC to the login ID of the account that is being edited. 

Click on the ‘Apply’ button.

• Repeat the home folder assignment for W99-User2 

Switch to W99-CLIENT2:

• Make sure that all users are signed out from W99-CLIENT2

• Sign in as w99-user2 

• Open Notepad, type a few characters and save the file as: H:\w99-user2-file.txt

• Open Windows Explorer, right-click on ‘Network’ and select ‘Map network drive…’

• In the ‘Folder:’ field type:


And click on ‘Finish’

• Open FSRM (available via the ‘Administrative Tools’ menu)

• In ‘Quota Management’ right-click on ‘Quota Templates’ and select ‘Create Quota Template…’

• Select the ‘100 MB Limit’ template and click on ‘Copy’

• In the ‘Template name:’ field specify the name as: ‘W99 50 MB Limit’, change the space limit to 50.000 MB

• Leave ‘Hard quota’ selected and click on OK

• In ‘Quota Management’ right-click on ‘Quota’ and select ‘Create Quota…’

• Create two quotas based on the following specification:

  o For the 1st quota set ‘Quota path…’ to C:\W99-Home\w99-user1

  o For the 2nd quota set ‘Quota path…’ to C:\W99-Home\w99-user2

  o For both quotas set 

- Leave ‘Create quota on path’ selected

- In the ‘Quota properties’ section change the ‘Derive properties from this template (recommended)’ entry and select your previously created template: ‘W99 50 MB Limit’. Click on ‘Create’ when done. 

• Right-click the ‘C:\W99-Home\w99-user2’ quota entry, select ‘Edit Quota Properties…’ and in the ‘Space limit’ section select ‘Soft quota …’ 

Switch to W99-CLIENT2:

• In the VirtualBox settings, attach the host folder G:\Server-Resources\Standalone-Browsers as an automounted shared folder 

• Open ‘Windows Explorer’ and from the shared folder copy the two files to H:

c) Provide a screenshot showing all files located in H:. The screenshot must also show the VM title bar. Paste your screenshot below this line.

Switch to W99-CLIENT1:

• Make sure you are signed in as w99-user1 on W99-CLIENT1

• In the VM settings attach the host folder G:\Server-Resources\Standalone-Browsers as an automounted shared folder 

• Open ‘Windows Explorer’ and from the shared folder copy the two files to H:

You will receive an error message stating ‘There is not enough space on w99-user1’. If you do not receive this message your quota configuration is not correct and you must fix it before proceeding any further. 
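Because the share grants ‘Domain Users’ full control, the NTFS permissions are the only thing keeping one user out of another user's home folder. The following added example (not part of the original lab sheet) audits the configuration built in this section on W99-SERVER2-DC; the list of identities treated as expected on a home folder is an assumption for this lab.

```powershell
# Added example: audit the home-folder root, share, per-user ACLs and quotas.
# Run on W99-SERVER2-DC in an elevated PowerShell prompt.
$root  = 'C:\W99-Home'
$share = 'W99-Home$'

# 1. Root folder: inheritance disabled and no BUILTIN\Users entry left.
$rootAcl = Get-Acl -Path $root
$usersAce = $rootAcl.Access |
    Where-Object { $_.IdentityReference.Value -eq 'BUILTIN\Users' }
[pscustomobject]@{ Check = 'Root inheritance disabled'; Pass = $rootAcl.AreAccessRulesProtected }
[pscustomobject]@{ Check = 'BUILTIN\Users removed from root'; Pass = -not $usersAce }

# 2. Share permissions: 'Everyone' must not be listed.
$access = Get-SmbShareAccess -Name $share
$access | Select-Object AccountName, AccessControlType, AccessRight
[pscustomobject]@{
    Check = "'Everyone' removed from share"
    Pass  = -not ($access | Where-Object { $_.AccountName -eq 'Everyone' })
}

# 3. Per-user folders: report any Allow entry that is neither the folder's
#    own user nor one of the expected system identities (assumed list).
$expected = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'CREATOR OWNER'
Get-ChildItem -Path $root -Directory | ForEach-Object {
    $folder = $_
    $extra = (Get-Acl -Path $folder.FullName).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $expected -notcontains $_.IdentityReference.Value -and
        $_.IdentityReference.Value -notlike "*\$($folder.Name)"
    }
    [pscustomobject]@{
        Folder          = $folder.FullName
        UnexpectedAllow = ($extra.IdentityReference.Value | Sort-Object -Unique) -join '; '
        Pass            = -not $extra
    }
}

# 4. Quotas: w99-user1 should be a hard quota, w99-user2 a soft quota.
Get-FsrmQuota | Where-Object { $_.Path -like "$root\*" } |
    Select-Object Path, Size, SoftLimit, Usage, Template
```

Any folder reported with Pass = False has an NTFS entry that lets an account other than its owner in, and the share permission will not stop it.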
